Dieroff believes that organisations that follow a defined set of security principles can make sure the IT security budget is spent effectively and on relevant controls, and may reduce spending by buying only what they actually need.

“If an organisation uses only an ISO certification as a guide for implementing a set of security controls, they run the risk of investing in controls that they are never going to need because they may not be relevant to that particular organisation’s business processes in any way,” he said.

Dieroff has worked with some of the world’s leading private and public organisations, as well as many small and medium-sized enterprises (SMEs), helping them understand and strengthen their cyber security strategy and its implementation.

“By looking at the actual risk they have and the threats they are facing, by considering the legislation and regulations they have to comply with, and using security operations analytics, organisations can derive quantified statistics to shape and support the security budget,” he said.

According to Dieroff, security analytics are a valuable source of information about which threat actors are targeting an organisation, what they are targeting and how.

“That data is quantified, and immediately gives you something to say that is an actual value that can be assigned based on a quantified figure, which then makes a realistic spend directed at protecting against actual threats associated with a high risk.

“Even the simple logs in the network can give a quantifiable number to evidence the need for every security control,” he said.
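To make the idea of deriving quantified figures from ordinary logs concrete, here is an added example (not Dieroff's material, and not any tool he describes): a small Python script that aggregates a few constructed log lines into per-technique counts, distinct source counts and most-targeted assets, and maps each technique to the control whose budget line it evidences. The hosts, addresses, log formats and the technique-to-control mapping are all hypothetical.

```python
"""Turn raw log lines into quantified evidence for security controls (added illustration)."""
import re
from collections import Counter

# Constructed sample log lines; hosts, addresses and senders are hypothetical.
SAMPLE_LOGS = """\
2017-02-01T03:12:44Z sshd[1021]: Failed password for root from 203.0.113.7 port 50122 ssh2
2017-02-01T03:12:46Z sshd[1021]: Failed password for root from 203.0.113.7 port 50124 ssh2
2017-02-01T03:13:01Z sshd[1021]: Failed password for admin from 203.0.113.7 port 50130 ssh2
2017-02-01T04:02:10Z sshd[1088]: Failed password for root from 198.51.100.23 port 41010 ssh2
2017-02-01T09:45:12Z httpd: 192.0.2.44 "GET /login.php?user=admin'%20OR%201=1-- HTTP/1.1" 403
2017-02-01T09:45:13Z httpd: 192.0.2.44 "GET /wp-admin/ HTTP/1.1" 404
2017-02-01T10:10:01Z mailgw: rejected attachment invoice.js from bulk-sender@example.net to finance@corp.example (policy: script attachment)
2017-02-01T10:11:07Z mailgw: rejected attachment scan.docm from x@example.org to hr@corp.example (policy: macro document)
2017-02-01T11:00:00Z sshd[1200]: Accepted publickey for deploy from 10.0.0.5 port 55000 ssh2
"""

# (technique, regex exposing source/target groups, control it evidences).
# The mapping from technique to control is an illustrative assumption.
PATTERNS = [
    ("ssh password guessing",
     re.compile(r"sshd\[\d+\]: Failed password for (?P<target>\S+) from (?P<source>\S+)"),
     "key-only SSH auth and source rate limiting"),
    ("web application probe",
     re.compile(r"httpd: (?P<source>\S+) \"GET (?P<target>\S+) HTTP/1\.1\" 40[34]"),
     "web application firewall"),
    ("blocked malicious attachment",
     re.compile(r"mailgw: rejected attachment \S+ from (?P<source>\S+) to (?P<target>\S+)"),
     "mail attachment sandboxing"),
]


def classify(line):
    """Return (technique, source, target, control) for a line, or None if no pattern matches."""
    for technique, regex, control in PATTERNS:
        m = regex.search(line)
        if m:
            # Drop any query string so requests against the same path aggregate together.
            target = m.group("target").split("?", 1)[0]
            return technique, m.group("source"), target, control
    return None


def quantify(log_text):
    """Aggregate matched lines per technique: event count, distinct sources, per-target counts.

    Returns (stats, unmatched) where unmatched is the number of lines no pattern recognised,
    so the reader can see how much of the log the analytics actually explain.
    """
    stats = {}
    unmatched = 0
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            unmatched += 1
            continue
        technique, source, target, control = hit
        entry = stats.setdefault(
            technique, {"control": control, "events": 0, "sources": set(), "targets": Counter()}
        )
        entry["events"] += 1
        entry["sources"].add(source)
        entry["targets"][target] += 1
    return stats, unmatched


def budget_evidence(stats):
    """Rank controls by observed volume.

    Returns a list of (control, technique, events, distinct_sources, top_target),
    highest event count first, ties broken by control name.
    """
    rows = []
    for technique, e in stats.items():
        top_target, _ = e["targets"].most_common(1)[0]
        rows.append((e["control"], technique, e["events"], len(e["sources"]), top_target))
    rows.sort(key=lambda r: (-r[2], r[0]))
    return rows


if __name__ == "__main__":
    stats, unmatched = quantify(SAMPLE_LOGS)
    for control, technique, events, sources, top in budget_evidence(stats):
        print(f"{control:45s} {technique:30s} events={events} sources={sources} top_target={top}")
    print(f"unmatched lines: {unmatched}")
```

The numbers that come out (how many attempts, from how many distinct sources, against which asset) are the "quantified figure" a budget holder can attach to a control; the unmatched count is the honest caveat, since a control justified only by the lines you already know how to parse says nothing about the threats you are not yet detecting.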

Spending based on actual risk

A risk-based approach means organisations can spend less on protecting against threats to which their exposure is low, because the analytics and risk assessment show that the risk is low, and direct that budget to the threats they are actually facing.

“The outcome is that you don’t spend as much on something that you don’t need to, and that spending is based on actual risk, contractual obligation, and regulatory or legislative requirement rather than simply following the latest security spending trend,” said Dieroff.

Dieroff is to discuss the topic of security budgets and spending at Cybercon on 23 February 2017 in Plymouth, which is at the centre of the south-west information security industry and community.

Blue Screen IT is the driving force behind the conference, which aims to cut through the “white noise” surrounding cyber security by enabling businesses of all sizes and industry sectors to communicate with international security specialists.

Cybercon, which has the support of the National Crime Agency (NCA), will feature a “Cyber Surgery” to give delegates one-on-one access to cyber security experts on specific issues, and a “HackShack” to demonstrate some of the methods hackers use to attack organisations and the motives behind them.

Improving cyber security standards across the world

By raising awareness and promoting global collaboration and information sharing between information security professionals, the invite-only event aims to improve the cyber security standards not only in the south-west of England, but across the UK and the world.

Any senior information technology and security professionals interested in attending Cybercon can apply for an invitation through the event website before 23 February 2017.

“One of the biggest problems we are seeing is that all the cyber criminals are working as a team to create malware super code, and so now cyber defenders have to start doing the same,” said Dieroff.

“Through Cybercon, we are aiming to give strategic decision makers and senior information systems people access to the information, experience and contacts they need.

“We are looking to attract serious people with serious interests, and create a spark among decision makers so they will set the tone to enable their organisations to establish successful information security policies and procedures,” he said.
